Public bug reported:

If running on a FIPS system I get:

+ uvt-kvm create --memory 2048 --cpu 4 --disk 16 --password=ubuntu bionic-kvm release=bionic arch=amd64 label=daily
Warning: using --password from the command line is not secure and should be used for debugging only.
DSA keys are not allowed in FIPS mode
Traceback (most recent call last):
  File "/usr/bin/uvt-kvm", line 35, in <module>
    uvtool.libvirt.kvm.main_cli_wrapper(sys.argv[1:])
  File "/usr/lib/python2.7/dist-packages/uvtool/libvirt/kvm.py", line 861, in main_cli_wrapper
    main(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/uvtool/libvirt/kvm.py", line 856, in main
    args.func(parser, args)
  File "/usr/lib/python2.7/dist-packages/uvtool/libvirt/kvm.py", line 643, in main_create
    ssh_host_keys, ssh_known_hosts = uvtool.ssh.generate_ssh_host_keys()
  File "/usr/lib/python2.7/dist-packages/uvtool/ssh.py", line 50, in generate_ssh_host_keys
    _keygen(key_type, private_path)
  File "/usr/lib/python2.7/dist-packages/uvtool/ssh.py", line 34, in _keygen
    '-C', 'root@localhost'
  File "/usr/lib/python2.7/subprocess.py", line 190, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['ssh-keygen', '-q', '-f', '/tmp/uvt-kvm.sshtmpVhmPlF/dsa', '-N', '', '-t', 'dsa', '-C', 'root@localhost']' returned non-zero exit status 255


I also was told that elliptic curves are disallowed.
Could we switch the default to the common RSA to make this work in a FIPS 
environment?

** Affects: uvtool (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1936473

Title:
  DSA keys are not allowed in FIPS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/uvtool/+bug/1936473/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
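
An added example, not part of the bug report and not uvtool's own code: one way a tool could choose SSH host key types from the kernel's FIPS flag instead of always running ssh-keygen -t dsa. The key type lists, the 3072-bit RSA size and all function names are assumptions; the RSA-only FIPS list follows the reporter's request.

```python
import os
import subprocess
import tempfile

FIPS_FLAG = "/proc/sys/crypto/fips_enabled"  # kernel FIPS indicator on Linux
# Assumption: the host key types a tool would request by default (hypothetical list).
DEFAULT_KEY_TYPES = ("rsa", "dsa", "ecdsa")
# Assumption taken from the report: only RSA is treated as usable in FIPS mode.
FIPS_KEY_TYPES = ("rsa",)


def fips_enabled(flag_path=FIPS_FLAG):
    """Return True when the kernel reports FIPS mode; a missing file means off."""
    try:
        with open(flag_path) as f:
            return f.read().strip() == "1"
    except (IOError, OSError):
        return False


def select_key_types(requested=DEFAULT_KEY_TYPES, fips=False):
    """Filter the requested key types down to those usable on this host."""
    if not fips:
        return list(requested)
    allowed = [t for t in requested if t in FIPS_KEY_TYPES]
    if not allowed:
        raise ValueError("no requested host key type is usable in FIPS mode")
    return allowed


def keygen_argv(key_type, private_path):
    """Build the ssh-keygen command line seen in the traceback, per key type."""
    argv = ["ssh-keygen", "-q", "-f", private_path, "-N", "", "-t", key_type]
    if key_type == "rsa":
        argv += ["-b", "3072"]  # explicit modulus size, not the version default
    return argv + ["-C", "root@localhost"]


def generate_host_keys(fips=None):
    """Generate host keys in a private temp dir; returns {key_type: path}."""
    fips = fips_enabled() if fips is None else fips
    tmpdir = tempfile.mkdtemp(prefix="hostkeys.")  # created with mode 0700
    paths = {}
    for key_type in select_key_types(fips=fips):
        paths[key_type] = os.path.join(tmpdir, key_type)
        subprocess.check_call(keygen_argv(key_type, paths[key_type]))
    return paths


if __name__ == "__main__":
    print(sorted(generate_host_keys()))
```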
